Bug 226079 - www-client/opera <9.50 - Multiple vulnerabilities (CVE-2008-{2714,2715,2716})
Bug#: 226079
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jer@gentoo.org
Component: Vulnerabilities
URL: http://www.opera.com/docs/changelogs/linux/950/#security
Summary: www-client/opera <9.50 - Multiple vulnerabilities (CVE-2008-{2714,2715,2716})
Keywords:
Status Whiteboard: B3 [noglsa]
Opened: 2008-06-12 14:29 0000

Advisories:
http://www.opera.com/support/search/view/878/
http://www.opera.com/support/search/view/883/
http://www.opera.com/support/search/view/885/
From the [URL]:
* Fixed an issue where certain characters could obscure the page address, as
reported by Tony Thomas. See our advisory.
* Solved an issue where Images could be read cross-domain with canvas, as
reported by Philip Taylor. See our advisory.
* Pages held in frames are no longer able to change the location of pages in
unrelated frames on the parent page. See our advisory.
* Improved Fraud Protection now includes advanced malware prevention and
upgraded phishing detection technologies. See article: Opera Fraud Protection.
* Added support for Extended Validation (EV) certificates.
* Added automatic downloading of trusted root certificates when required.
* Disabled SSL v2 and weak ciphers.
* Improvements made to certificate handling, the new certificate repository and
the certificates UI.
* Introduced a new security notification scheme in the address field:
+ black padlock with a check mark on green field for secure sites with
Extended Validation
+ black padlock without a check mark on yellow field for regular secure sites
+ question mark on gray field for HTTPS sites with issues
+ no notification for normal sites
+ fraud warning on red field for blacklisted sites
* Opera now distinguishes between local servers on localhost, intranet servers,
and remote servers on the Internet.
* Local servers can use remote resources, but not vice versa.
Oh, and it's in the tree. This should be as easy as a call for stabilisation
from amd64, ppc, x86 and x86-fbsd. :)

Arches, please test and mark stable:
=www-client/opera-9.50
Target keywords : "amd64 ppc release sparc x86"

Opera dropped support for sparc, so nothing we can do about it.

(In reply to comment #5)
> Opera dropped support for sparc, so nothing we can do about it.
In which case we should either p.mask the old Opera releases on sparc, or drop
their sparc keywords.

(In reply to comment #8)
> (In reply to comment #5)
> > Opera dropped support for sparc, so nothing we can do about it.
>
> In which case we should either p.mask the old Opera releases on sparc, or drop
> their sparc keywords.
It's a closed source package, so keywords are added and dropped as versions per
architecture are available. I have no opinion on whether to keep 9.27 p.masked
and with all keywords except sparc dropped. SPARC team should decide about
this.

Fixed in release snapshot.

Okay, feel free to p.mask it and keep the sparc keyword.

(In reply to comment #11)
> Okay, feel free to p.mask it and keep the sparc keyword.
It is done. Now is the time for sparc workstation users to ask Opera, Inc.
loudly to support their arch again. :)